Computers and Society Security and Privacy

Objectives

• Identify the various types of security risks that can threaten computers
• Describe ways to safeguard a computer
• Know how a computer virus works and the steps individuals can take to prevent viruses
• Understand how to create a good password
• Identify various biometric devices
• Recognize that software piracy is illegal
• Explain why encryption is necessary
• Know why computer backup is important and how it is accomplished
• Discuss the steps in a disaster recovery plan
• Understand ways to secure an Internet transaction
• List ways to protect your personal information

What is a computer security risk?
• Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability
• May be accidental or planned
• Intentional breach of computer security often involves a deliberate act that is against the law
• Computer crime: Any illegal act involving a computer
• Cyber crime: Online or Internet-based illegal acts
• Safeguard: A protective measure you can take to minimize or prevent security risks

What is a computer virus?
• A potentially damaging computer program that affects, or infects, your computer negatively by altering the way the computer works without your knowledge or permission
• A segment of program code from some outside source that implants itself in a computer
• Once in the computer it can spread throughout and may damage your files and operating system

What are the ways viruses can be activated?
• Opening an infected file
• Running an infected program
• Booting the computer with an infected floppy disk in the disk drive

What is the source of a virus?
• Written by a programmer, known as a virus author
• Some write viruses as a challenge
• Others write viruses to cause destruction

What are the three main types of virus?

Boot sector virus
• Sometimes called a system virus
• Executes when a computer boots up
• Resides in the boot sector of a floppy disk or the master boot record of a hard disk

File virus
• Sometimes called a program virus
• Attaches itself to program files
• When you run the infected program, the virus loads into memory

Macro virus
• Uses the macro language of an application, such as word processing or spreadsheet, to hide virus code
• When you open a document that contains an infected macro, the virus loads into memory

How do viruses activate?
• Many activate as soon as a computer accesses an infected file or runs an infected program
• Logic bomb: A virus that activates when it detects a certain condition
• Time bomb: A type of logic bomb that activates on a particular date

What is a malicious-logic program?
• A program that acts without a user’s knowledge
• Deliberately alters the computer's operations
• Also called malware
• Several types
  • virus
  • worm
  • Trojan horse

Worm
• A malicious-logic program that copies itself repeatedly in memory or on a disk drive until no memory or disk space remains

Trojan horse
• A malicious-logic program that hides within or looks like a legitimate program and is usually triggered by a certain condition or action
• Unlike a virus or worm, it does not replicate itself to other computers

How can you safeguard your computer from virus attacks?
• Install an antivirus program and upgrade it frequently
• An antivirus program identifies and removes any computer viruses found in memory, on storage media, or on incoming files
• Most antivirus programs also protect against worms and Trojan horses

Popular antivirus software packages

What does an antivirus program do?
• Detects and identifies viruses
• Inoculates existing program files
• Removes or quarantines viruses
• Creates a rescue disk

How does an antivirus program scan for a virus?
• Scans for programs that attempt to modify the boot program, the operating system, and other programs that normally are read from but not modified
• Many also scan
  • Files you download from the Web
  • E-mail attachments
  • Files you open
  • All removable media

What is a virus signature?
• A known specific pattern of virus code
• Also called a virus definition
• Antivirus software uses signature files to identify viruses
• You should update the signature files to include patterns for newly discovered viruses
• Many antivirus programs contain an auto-update feature

How does an antivirus program inoculate a program file?
• The antivirus program records information about the files in a separate inoculation file
  • File size
  • File creation date
• The antivirus program uses this information to detect if a virus tampers with the inoculated program file
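
The inoculation check described above, as an added example that is not part of the original slides. It goes one step beyond the slide by also recording a SHA-256 content hash, which catches a change that leaves size and date untouched; the function names and sample files are constructed for illustration, and modification time stands in for the creation date.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Collect the attributes stored in the inoculation record for one file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    # Assumption: modification time stands in for the slide's "file creation
    # date", because creation time is not exposed portably by os.stat().
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def inoculate(paths):
    """Build the inoculation record: one snapshot per protected program file."""
    return {path: snapshot(path) for path in paths}


def check(record):
    """Return {path: [attributes that changed]} for every file that differs."""
    findings = {}
    for path, recorded in record.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        current = snapshot(path)
        changed = [key for key in recorded if recorded[key] != current[key]]
        if changed:
            findings[path] = changed
    return findings


def demo():
    """Run the check over three constructed sample files."""
    with tempfile.TemporaryDirectory() as folder:
        paths = {name: os.path.join(folder, name)
                 for name in ("clean.bin", "appended.bin", "patched.bin")}
        for path in paths.values():
            with open(path, "wb") as fh:
                fh.write(b"SAMPLE-PROGRAM-" + b"\x00" * 64)
        record = inoculate(paths.values())

        # Case 1: bytes are appended to the file, so its size changes.
        with open(paths["appended.bin"], "ab") as fh:
            fh.write(b"EXTRA")

        # Case 2: same-length overwrite with the timestamp put back. Size and
        # date still match the record; only the content hash differs.
        before = os.stat(paths["patched.bin"])
        with open(paths["patched.bin"], "r+b") as fh:
            fh.write(b"CHANGED")
        os.utime(paths["patched.bin"],
                 ns=(before.st_atime_ns, before.st_mtime_ns))

        found = check(record)
        return {os.path.basename(p): attrs for p, attrs in found.items()}


if __name__ == "__main__":
    for name, attrs in demo().items():
        print(name, "changed:", ", ".join(attrs))
```

A record that holds only size and date would report nothing for `patched.bin`, which is why integrity checkers store a content hash as well.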

What does an antivirus program do once it detects a virus?
• Removes the virus if possible
• Quarantines the infected file
  • Quarantine: a separate area of a hard disk that holds the infected file until you can remove its virus

What is a rescue disk?
• A removable disk that contains an uninfected copy of key operating system commands and startup information
• Also called an emergency disk
• Enables the computer to restart correctly
• Created by most antivirus programs
• Upon startup the rescue disk finds and removes the boot sector virus

How can unauthorized access and use be prevented?
• Access control
  • A security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer
• Two-phase process of access control
  • Identification verifies that you are a valid user
  • Authentication verifies that you are who you claim to be
• Four methods exist
  • User names and passwords
  • Possessed objects
  • Biometric devices
  • Callback systems

What is a user name?
• A unique combination of characters that identifies one specific user
• Also called a user ID
• A password is a secret combination of characters associated with the user name that allows access to certain computer resources

What is a possessed object?
• Any item that you must carry to gain access to a computer or computer facility
  • Badges
  • Cards
  • Keys
• Often used in combination with a personal identification number (PIN)
  • A numeric password, either assigned by a company or selected by you

What is a biometric device?
• Authenticates a person’s identity by verifying personal characteristics
• Grants access to programs, systems, or rooms using computer analysis of some biometric identifier
• Translates a person’s characteristics into a digital code that is compared to a digital code stored in the computer

Biometric identifier
• A physical or behavioral characteristic
  • Fingerprints
  • Hand geometry
  • Facial features
  • Voice
  • Signatures
  • Retinal (eye) patterns

What is a fingerprint scanner?
• Captures curves and indentations of a fingerprint
• Some predict this will become the home user’s authentication device for e-commerce transactions
• Some newer keyboards and notebook computers have a fingerprint scanner built into them
• Some cost less than $100

What is a hand geometry system?
• Measures the shape and size of a person’s hand
• Typically used as a time and attendance device by large companies
• Costs more than $1,000

What is a face recognition system?

Captures a live face image and compares it to a stored image to determine if the person is a legitimate user

Used by some notebook computers to safeguard the computer

Can recognize people with or without glasses, makeup, or jewelry, and with new hairstyles

What are two other verification systems?

Voice verification system
• Compares a person’s live speech to their stored voice pattern
• Time and attendance devices
• Controls access to sensitive files and networks
• Secures telephone banking transactions

Signature verification system
• Recognizes the shape of your handwritten signature, as well as pressure exerted and the motion used to write the signature
• Uses a specialized pen and tablet

What is an iris verification system?
• Reads patterns in the tiny blood vessels in the back of the eye
• Very expensive
• Used by government security organizations, the military, and financial institutions that deal with highly sensitive data

What is a callback system?
• An access control method that some systems utilize to authenticate remote users
• You can connect to a computer only after the computer calls you back at a previously established telephone number
• Works best for users who regularly work at the same remote location

• You call the computer
• You enter a user name and password
• If these are valid, the computer instructs you to hang up
• The computer calls you back and allows you to connect to the system

What is hardware theft and vandalism?
• Theft is the act of stealing computer equipment
• Vandalism is the act of defacing or destroying computer equipment
• Prevent with physical access controls
  • Locked doors and windows
  • Alarm systems
• Physical security devices
  • Cables that lock the equipment to a desk, cabinet, or floor

What precautions can prevent theft of mobile equipment?
• Common sense
• Constant awareness of risk
• Never leave a notebook computer unattended in a public place
• May use a physical device to temporarily lock a mobile computer to a desk or table

Precautions in case of theft
• Back up the files stored on your notebook computer regularly
• Use passwords, possessed objects, or biometrics to render the computer useless if stolen
• Some handheld computers allow you to display your name and telephone number
• Others allow you to encrypt data in the device

What is software theft?
• Can range from someone physically stealing media that contains software to intentional piracy of software
• Software piracy is the unauthorized and illegal duplication of copyrighted software
• When you purchase software, you do not own the software. Instead, you become a licensed user

What is information theft?
• Occurs when someone steals personal or confidential information
• Often linked to other types of computer crime
• Several methods used to protect against information theft
  • Implement user identification and authentication controls to protect information on computers located on a company’s premises
  • Encrypt sensitive data

What is encryption?
• The process of converting readable data into unreadable characters to prevent unauthorized access
• Encrypted data can be stored or sent as an e-mail message
• To read the data, the recipient must decrypt it
• An encryption key is the formula that the recipient of the data uses to decrypt cipher text
• Plaintext: Unencrypted, readable data
• Cipher text: The encrypted (scrambled) data

[Figure labels: Plaintext, encryption software, encryption key]

What are some data encryption methods?
• An encryption key (formula) often uses more than one of these methods

What are two basic types of encryption?

Public key encryption
• Uses two encryption keys: a public key and a private key
• Public key encryption software generates both your private key and public key
• Public keys are made known to those with whom you communicate
• The private key is kept confidential

Private key encryption
• Both the originator and recipient use the same secret key to encrypt and decrypt the data
• The most popular private encryption system is the data encryption standard (DES). The U.S. government is a primary user of DES.

How does public key encryption work?

Step 1: Sender creates document to be e-mailed to receiver.
Step 2: Sender uses receiver’s public key to encrypt a message.
Step 3: Receiver uses his or her private key to decrypt the message.
Step 4: Receiver can read or print the decrypted message.

[Figure labels: Sender (Joan), Sender (Ali), Receiver (Mohammed), message to be sent, public key, private key, encrypted message, decrypted message]

What is a system failure?
• The prolonged malfunction of a computer
• Can cause the loss of hardware, software, data, or information
• Aging hardware
• Natural disasters such as fires, floods, or storms
• Random events such as electrical power problems

What is an uninterruptible power supply (UPS)?
• A device that contains surge protection circuits and one or more batteries that can provide power during a temporary or permanent loss of power
• A standby UPS switches to battery power when a problem occurs in the power line
  • Also called an offline UPS
• Online UPS always runs off the battery
  • Provides continuous protection

What is a backup?
• A duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed
• To back up a file means to make a copy of it
• You restore the files by copying the backed up files to their original location on the computer
• Keep backup copies in a fireproof and heatproof safe or vault, or offsite
• Offsite: A location separate from the computer site

Internet and Network Security

Why is Internet and network security important?
• Information transmitted over networks has a higher degree of security risk
• Employs many security techniques discussed thus far
• Securing Internet transactions
• Securing e-mail messages
• Firewalls

How do Web browsers provide secure data transmission?
• Many Web browsers use encryption
• A Web site that uses encryption techniques to secure its data is known as a secure site
• Secure sites use digital certificates along with a security protocol

Digital certificate
• Also called a public-key certificate
• A notice that guarantees a user or a Web site is legitimate

What are other secure encryption techniques?

Secure Electronic Transaction (SET)
• Specification uses public-key encryption to secure credit-card transaction systems

Secure HTTP (S-HTTP)
• Allows you to choose an encryption scheme for data that passes between a client and a server
• The client and server both must have digital certificates
• More secure than SSL

What is a digital signature?
• Also called a digital ID
• An encrypted code that a person, Web site, or company attaches to an electronic message to verify the identity of the message sender
• The code usually consists of the user's name and a hash of all or part of the message
• Helps to prevent e-mail forgery and verify that the contents of a message have not changed
• Hash: A mathematical formula that generates a code from the contents of the message
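
The four public key encryption steps and the digital signature check described above, as an added example that is not part of the original slides. It assumes unpadded textbook RSA over small fixed primes so the arithmetic stays visible (not a secure construction), and the function names and sample message are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by both key pairs


def generate_keys(p, q):
    """Return (public_key, private_key), each an (exponent, modulus) pair."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (E, n), (d, n)


def encrypt(message, public_key):
    """Step 2: the sender encrypts with the receiver's public key."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message is too long for this modulus")
    return pow(m, e, n)


def decrypt(ciphertext, private_key):
    """Step 3: the receiver decrypts with his or her private key."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def message_hash(message, n):
    """Hash: a code generated from the contents of the message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """The sender transforms the hash with the sender's private key."""
    d, n = private_key
    return pow(message_hash(message, n), d, n)


def verify(message, signature, public_key):
    """Anyone holding the sender's public key can recompute and compare."""
    e, n = public_key
    return pow(signature, e, n) == message_hash(message, n)


def demo():
    # Assumption: fixed Mersenne primes keep the run reproducible. Real keys
    # use large random primes and a padding scheme.
    receiver_public, receiver_private = generate_keys(2**61 - 1, 2**89 - 1)
    sender_public, sender_private = generate_keys(2**107 - 1, 2**127 - 1)

    message = b"Meet at noon"  # Step 1: constructed sample message
    ciphertext = encrypt(message, receiver_public)
    signature = sign(message, sender_private)

    return {
        "decrypted": decrypt(ciphertext, receiver_private),  # Step 4
        "signature_ok": verify(message, signature, sender_public),
        "tampered_ok": verify(b"Meet at nine", signature, sender_public),
    }


if __name__ == "__main__":
    print(demo())
```

Encryption uses the receiver's key pair while the signature uses the sender's, so the two checks answer different questions: who can read the message, and who wrote it.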

What is a firewall?
• A security system consisting of hardware and/or software that prevents unauthorized access to data and information on a network
• Many large companies route all communications through a proxy server to implement a firewall
• Firewalls use a variety of screening techniques
  • Check domain name or IP address
  • Require digital signatures

Proxy server
• A server outside the company’s network that controls which communications pass into the company’s network

What are some popular personal firewall products?

Information Privacy

What is a cookie?
• A small file that a Web server stores on your computer
• Typically contains data about you
• A Web site can read data only from its own cookie file
• Some Web sites sell or trade information stored in your cookie to advertisers
• Track user preferences
• Track how regularly you visit a site and the Web pages you visit when at the site
• Target advertisements to your interests and browsing habits

How can you set your browser to control cookies?

You can set your browser to accept cookies automatically, prompt you if you wish to accept a cookie, or disable cookie use

Many Web sites do not allow you to access features if you disable cookie use

What is spyware?
• A program placed on a computer without the user's knowledge that secretly collects information about the user
• Can enter your computer as a virus or as a result of installing a new program
• Communicates information it collects to some outside source while you are online
• To remove spyware, you need to purchase a special program that can detect and delete it

Adware
• Spyware used by Internet advertising firms to collect information about a user’s Web browsing habits

What is spam?
• An unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once
• Internet junk mail

How can you control spam?

Anti-spam program
• Attempts to remove spam
• Sometimes removes valid e-mail messages

E-mail filtering
• A service that blocks e-mail messages from designated sources
• Collects spam in a central location that you can view at any time

What is filtering software?
• Also called an Internet filtering program
• Software that can restrict access to specified Web sites
• Some filter sites that use specific words
• Others allow you to filter e-mail messages and chat rooms